A vulnerability categorized as critical has been discovered in Apache Airflow up to 3.2.1 . Affected is the function lstrip of the component JWT . Executing a manipulation can lead to authorization bypass. The identification of this vulnerability is CVE-2026-45426 . The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.